Show ip filter, Example Checking for port numbers | Sunfire B1600

This also blocks all TCP packets from class C addresses 192.168.1.0 with SYN set.

Console(config)#ip filter deny tcp 192.168.1.0 255.255.255.0

0.0.0.00.0.0.0 code 2 2 Console(config)#

Example – Checking for port numbers

This example allows TCP packets from class C addresses 192.168.1.0 to anywhere when set for destination port 80.

Console(config)#ip filter permit tcp 192.168.1.0 255.255.255.0

0.0.0.00.0.0.0 80

Console(config)#

This example drops any TCP packets from source 10.7.1.1 to destination 10.8.1.1, with the source port between 30 - 46 and the destination port between 100 - 2000.

Console(config)#ip filter deny tcp 10.7.1.1 255.255.255.255 30- 46 10.8.1.1 255.255.255.255 100-2000

Console(config)#

4.3.7.9show ip filter

Use this command to display all rules in the IP filter table.

Syntax

show ip filter [rule-number log]

■rule-number– Display a filter rule at the specified position in the table. Range: 1-128

■log – Display all packets stored in the log buffer. Note that packets stored in this buffer must match the rules in the filter table. The maximum number of entries stored in the log buffer is 64.

If no options are selected, all packets in the log buffer are displayed.

Default Setting

None

Chapter 4 Command-Line Reference 4-81

Image 279

Sunfire B1600 manual Show ip filter, Example Checking for port numbers

Contents

Page Page Page Page Contents General Management of the Switch Contents Page Contents Command-Line Reference Contents Page Contents Page Contents Management Information Base A-1 Glossary Glossary-1 Index Index-1 Page How This Book Is Organized Before You Read This BookPage Related Documentation Accessing Sun DocumentationEnable Typographic Conventions Sun Welcomes Your Comments Contacting Sun Technical Support Introduction Switch Architecture Ways of Accessing the Switch Management ApplicationOverview Description of Hardware Ethernet PortsUp-link Ports Internal Ports SSC Exterior Panel Port LEDs Status LEDs Features of the Switch Introduction Page 2Switch Default Settings Switch Default Settings ARP Initial Configuration Connecting to the Switch Interface Configuration OptionsSc console sscn/swt Community Strings Enabling Snmp Management Access Trap Receivers Blade System Chassis Software Setup Guide Page General Management of the Switch Using the Web Interface Home Navigating the Web Browser Interface Configuration Options 1Web Page Configuration ButtonsPanel Display Main Menu 2Summary of Tasks You Can Perform Using the Web Agent 102 134 Displaying System Information Basic Configuration 3Switch Setup ⇒ System Identity Window Pass MIB Variables Identification Details Setting the IP Address Web Interface Specifying the Management Vlan and IP Details Manual Configuration 5Open Switch Setup ⇒ Network Identity Window Consoleconfig-if#ip address 10.1.0.2 Consoleconfig#ip default-gatewayMIB Variables Specifying the Management Vlan and IP Details Web Interface Using Dynamic IP Configuration Services Using DHCP/BOOTP Console#ip dhcp restart Console#ip dhcp restart Console#show ip interface MIB variables Using Dynamic IP Configuration Services Displaying Switch Software Versions Console#show version Use the following command to display version information 6MIB Versions Associated With Software Version Information MIB Variables Associated With Software Version Information Downloading Switch Firmware From a Server Web Interface Downloading Switch FirmwareManaging Firmware Command-line Interface Dowloading Switch Firmware 7MIB Variables Associated With Downloading Firmware Consoleconfig#boot system opcodeMIB Variables Associated With Downloading Firmware Console#copy tftp file Supported Saving or Restoring Configuration Settings Downloading Configuration Settings From a ServerWeb Interface Downloading a File of Configuration Settings Page Consoleconfig#boot system config startup-new Configuring User Authentication Applies only to Radius server authentication Web Interface Configuring User Authentication To configure authentication parameters for local access Command-line Interface Configuring User Authentication Configuring Snmp MIB variables Associated With User Authentication9MIB Variables Associated With User Authentication Web Interface Adding and Removing Community Strings Configuring Snmp Access MIB Variables Associated With Community Strings Consoleconfig#snmp-server community blueberry rw Web Interface Specifying Trap Management Stations Specifying Trap Managers and Trap Types Command-line Interface Specifying Trap Management Stations 10MIB Variables Associated With Trap Management MIB Variables Associated With Trap Management Vlan Configuration Configuring Global Network ProtocolsPage Web Interface Displaying Basic Vlan Information Displaying Basic Vlan Information Console#show bridge-ext Command-line Interface Displaying Basic Vlan Information 11MIB Variables Associated With Basic Vlan Information MIB Variables Associated With Basic Vlan Information MIB-II Enabling or Disabling Gvrp Global Setting Web Interface Enabling or Disabling Gvrp Global SettingCommand-line Interface Enabling Gvrp 12MIB Variables Associated With Gvrp Configuring VLANsWeb Interface Configuring VLANs MIB Variables Associated With Gvrp See Adding Static Members to VLANs on Vlan Command-line Interface Vlan Configuration 13MIB Variables Associated With Vlan Configuration MIB Variables Associated With Vlan Configuration Port list Adding Static Members to VLANs Web Interface Adding Ports Manually to a Vlan 18The Switch Config ⇒ VLANs Window Command-line Interface Adding Ports Manually to a Vlan 14MIB Variables Associated With Adding Ports to a Vlan MIB Variables Associated With Adding Ports to a Vlan Multicast Configuration Configuring Igmp Snooping Parameters Web Interface Configuring Igmp Snooping Parameters 19The Switch Config ⇒ Broadcast & Multicast Window Console#show ip igmp snooping Command-line Interface Configuring Igmp Snooping Parameters Specifying Interfaces Connected to Multicast Routers MIB Variables Associated With Igmp Parameters15MIB Variables Associated With Igmp Parameters Page General Management of the Switch Console#show ip igmp snooping mrouter vlan Consoleconfig#ip igmp snooping vlan 1 mrouter ethernet NETP0 Read/create Octet string Multicast Router Web Interface Configuring Multicast Services Configuring Multicast Services General Management of the Switch MIB Variables Associated With Configuring Multicast Servcies Command-line Interface Configuring Multicast Services Web Interface Using Broadcast Storm Control Broadcast Storm Control Global Setting Command-line Interface Using Broadcast Storm Control 18MIB Variables Associated With Broadcast Storm Control MIB Variables Associated With Broadcast Storm Control Configuring Basic STA Settings Spanning Tree Algorithm Configuration General Management of the Switch Web Interface Configuring Basic STA Settings General Management of the Switch Consoleconfig#spanning-tree mode rst Command-line Interface Configuring Basic STA Settings 19MIB Variables Associated With Basic STA Settings MIB Variables Associated With Basic STA Settings Web Interface Configuring Advanced STA Settings Configuring Advanced STA Settings Command-line Interface Configuring Advanced STA Settings MIB variables Associated With Advanced STA Settings20MIB Variables Associated With Advanced STA Settings Class of Service Configuration Setting the Default Priority for InterfacesWeb Interface Configuring Class of Service 25The Switch Config ⇒ Class of Service Command-line Interface Configuring Class of Service Mapping COS Values to Egress Queues MIB Variables Associated With Class of Service21MIB Variables Associated With Class of Service 22IEEE 802.1p Default Priority Recommendations 23IEEE 802.1p Traffic Types Web Interface Mapping COS Values to Traffic Classes Console#show queue cos-map ethernet NETP0 Command-line Interface Mapping COS Values to Traffic Classes Traffic Class Web Interace Setting the Service Weight for Traffic Classes Setting the Service Weight for Traffic Classes Console#show queue bandwidth Queue ID Weight 25Setting the Service Weight for Traffic ClassesMapping Layer 3/4 Priorities to COS Values Web Interface Enabling Priority Services Command-line Interface Enabling Priority ServicesConsoleconfig#map ip precedence 26MIB Variables Associated With Traffic Prioritization Consoleconfig#no map ip precedenceMapping IP Precedence MIB Variables Associated With Traffic Prioritisation Web Interface Mapping IP Precedence 28MIB Variables Associated With Mapping IP Precedence Command-line Interface Mapping IP PrecedenceMIB Variables Associated With Mapping IP Precedence Console#show map ip precedence ethernet SNP5 29Default Dscp to COS Mapping Mapping Dscp PriorityWeb Interface Mapping Dscp Priority Command-line Interface Mapping Dscp Priority Consoleconfig#interface ethernet SNP5Console#show map ip dscp ethernet SNP5 Address Table Settings Displaying the Address TableMIB Variables Associated With Mapping Dscp to CoS Values Command-line Interface Viewing the Address Tables Web Interface Viewing the Address TablesMac-address-table Interface ethernet NETP1 30MIB Variables Associated With the Address Tables Changing the Aging TimeMIB Variables Associated With the Address Tables Web Interface Changing the Aging Time 31MIB Variables Associated With Aging Time Command-line Interface Changing the Aging TimeConsoleconfig#mac-address-table aging-time MIB Variables Associated With Aging Time Displaying Connection Status Port Configuration Web Interface Displaying Connection Status for the Ports See Configuring Interface Connections on 33The Up Links ⇒ Connections Status Window Console#show interfaces status ethernet NETP7 This example shows the connection status for Port NETP7 MIB Variables Associated With the Connection Status of Ports Read only Error1 Duplex Status Configuring Interface Connections Web Interface Configuring Interface Connections 34The Up Links ⇒ Status Window showing attribues of NETP0 33MIB Variables for Interface Connections Command-line Interface Configuring Interface Connections Read/write Bits Capabilities Configuring Aggregated Links Web Interface Dynamic Aggregated Links Lacp Dynamically Configuring an Aggregated Link with Lacp Console#show interfaces status port-channel Command-line Interface Dynamic Aggregated Links LacpConsoleconfig#interface ethernet NETP0 Consoleconfig#interface ethernet NETP1 34MIB Variables Associated With Dynamic Aggregated Links MIB Variables Associated With Dynamic Aggregated Links Web Interface Statically Configuring an Aggregated Link Statically Configuring an Aggregated Link Consoleconfig#interface ethernet NETP3 Consoleconfig#interface port-channel 35MIB Variables Associated With Static Aggregated Links MIB Variables Associated With Static Aggregated Links Configuring Vlan Behavior for Interfaces Web Interface Configuring Vlan Behavior for Interfaces Modify the required settings for each interface Click Save 38The Up Links ⇒ VLANs Window cont’d 36MIB Variables Associated With Vlan Behavior of Interfaces MIB Variables Associated With Vlan Behavior of Interfaces Port Gvrp Read Octet string Name Configuring Static Addresses 39The Up Links ⇒ Static Addresses Window Web Interface Configuring Static Addresses 37MIB Variables Associated With Static Addresses Command-line Interface Configuring Static AddressesMIB Variables Associated With Static Addresses Console#show mac-address-table ethernet NETP4 Vlan Index Managing Interfaces for Spanning Tree Algorithm Displaying the Current Interface Settings for STA CLI displays this term Console#show spanning-tree ethernet NETP4 40The Up Links ⇒ Spanning Tree Window 38MIB Variables Associated With a Port’s STA Settings MIB Variables Associated With a Port’s STA Settings Configuring Interface Settings for STA Web Interface Configuring STA Settings for a Port 41The Up Links ⇒ Spanning Tree Window for NETP4 Command-line Interface Configuring STA Settings for a Port MIB Variables for Configuring a Port’s STA Settings 39MIB Variables for Configuring a Port’s STA SettingsChecking the STA Protocol Status for Interfaces 40MIB Variables Associated With a Port’s STA Status MIB Variables Associated With a Port’s STA StatusPage 43The Management Ports ⇒ Packet Filtering Window Web Interface Filtering Traffic to the Management Port Consoleconfig#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 Action Read/create Integer IP Port Configuring Port Mirroring Web Interface Configuring Port MirroringMonitoring Port and Management Traffic 44The Monitoring ⇒ Port Mirroring Window Command-line Interface Configuring Port Mirroring Showing Port Statistics MIB Variables Associated With Port Mirroring42MIB Variables Associated With Port Mirroring 43Traffic Statistics 43Traffic Statistics 43Traffic Statistics 45The Monitoring ⇒ Port Statistics window Web Interface Viewing Port Statistics Scroll down the page to view Rmon statistics This example shows statistics for port SNP13 Command-line Interface Viewing Port Statistics 44MIB Variables Associated With Port Statistics MIB Variables Associated With Port Statistics Out Discards Deferred CRC/Alignment 45SNMP Traffic Statistics Showing Snmp Statistics Open Monitoring ⇒ Snmp Statistics Web Interface Viewing Snmp Statistics 47The Monitoring Snmp Statistics Window Console#show snmp Command-line Interface Viewing Snmp Statistics Configuring Message Logs MIB Variables Associated With Snmp Statistics46MIB Variables Associated With Snmp Statistics 47Error Levels Web Interface Configuring Message Logs 48The Monitoring ⇒ Logs Window Command-line Interface Configuring Message Logs 48MIB Variables Associated With Message Logs MIB Variables Associated With Message LogsPage Command-Line Reference Using the Command-Line Interface Accessing the CLIConsole Connection Telnet Connection Consoleconfig-if#ip address 10.1.0.1 Keywords and Arguments Entering CommandsConsole#show startup-config Consoleconfig#username admin password 0 smith Command Completion Getting Help on CommandsMinimum Abbreviation Consoleshow interfaces ? Showing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History Understanding Command Modes 1Command Modes Exec Commands Console#configure Configuration Commands Command-Line Processing 2Configuration Modes3CLI Editing Keystrokes 4Command Groups Command Groups 166 Syntax Detailed Command DescriptionGeneral Commands Enable Disable Configure Show history Reload 1.6 end Quit Exit Copy Flash/File Commands Syntax Console#copy file tftp Delete Console#delete test2.cfg 2.3 dir 5File Information Following example shows how to display all file information Whichboot Console#whichboot Boot system System Management Commands Consoleconfig#boot system config startup6System Management Commands Hostname Consoleconfig#hostname ServerChassis35 7Default User Names and PasswordsUsername Enable password Ip http port Consoleconfig#enable password level 15 0 admin Ip http server Jumbo frame Logging on Logging history 8Error Levels Consoleconfig#logging history ram Clear loggingConsole#clear logging Show logging Show startup-config Console#show startup-config Show running-config Console#show running-config Show system None Show users Show versionConsole#show users Example Authentication Commands 9Authentication Commands Authentication login Consoleconfig#authentication login radius Radius-server port Radius-server host Radius-server key Consoleconfig#radius-server key green Radius-server timeout Default Setting Command ModeRadius-server retransmit Console#show radius-server Show radius-server Tacacs-server port Tacacs-server host Tacacs-server key Console#show tacacs-server Snmp Commands10SNMP Commands Show tacacs-server Snmp-server community Consoleconfig#snmp-server community alpha rw Consoleconfig#snmp-server contact PaulSnmp-server contact Consoleconfig#snmp-server location WC-19 Snmp-server locationSnmp-server host Consoleconfig#snmp-server host 10.1.19.23 batman version Snmp-server enable traps Show snmp Console#show snmp Line Commands 11Line CommandsLine Login Password No password is specified Password-thresh Exec-timeout Silent-time Show line Console#show line IP Commands Ip address Ip dhcp restart Ip dhcp client-identifier Syntax Ip default-gateway Show ip redirects Show ip interface Console#show ip redirects Ping Ip filter Port number is not checked. The fragments option is allowed General Configuration Example Address filters Example Checking for fragmentsExample Checking for code values Consoleconfig#ip filter permit tcp 192.168.1.0 0.0 0.0.0.0 Show ip filterExample Checking for port numbers Console#show ip filter Interface Commands 13Interface CommandsInterface Description Speed-duplex Consoleconfig#interface ethernet NETP5 Consoleconfig-if#speed-duplex 100halfNegotiation Capabilities Consoleconfig#interface ethernet SNP11 SNP0-15 1000full Flowcontrol Consoleconfig#interface ethernet NETP7 Following example enables flow control on port NETP7 Shutdown Switchport broadcast packet-rate Enabled for all ports Packets per second Clear counters Show interfaces statusConsole#clear counters ethernet SNP5 Vlan vlan-idRange Console#show interfaces status ethernet SNP11 Show interfaces counters Console#show interfaces counters ethernet NETP7 Show interfaces switchport Shows all interfaces Address Table Commands Console#show interfaces switchport ethernet NETP714Address Table Commands Action Mac-address-table static Clear mac-address-table dynamic Show mac-address-tableConsole#clear mac-address-table dynamic Console#show mac-address-table Mac-address-table aging-time Show mac-address-table aging-time Console#show mac-address-table aging-time Port Security Commands15Port Security Commands Port security Following example enables port security of port SNP5 Spanning Tree Commands 16Spanning Tree CommandsSpanning-tree Spanning-tree mode Spanning-tree forward-time Consoleconfig#spanning-tree mode rstp Spanning-tree hello-time Spanning-tree max-age Spanning-tree priority Spanning-tree pathcost method Consoleconfig#spanning-tree priority Consoleconfig#spanning-tree pathcost method long Spanning-tree transmission-limitSpanning-tree cost Spanning-tree cost cost No spanning-tree cost Spanning-tree port-priority Spanning-tree edge-port Spanning-tree protocol-migration Spanning-tree link-type Show spanning-tree Rstp 17VLAN Commands Vlan Commands Vlan Vlan database Consoleconfig-vlan#vlan 105 name RD5 media ethernet Switchport mode Consoleconfig-if#ip address 192.168.1.254Interface vlan Switchport acceptable-frame-types Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Default Setting Switchport forbidden vlan Show vlan Gvrp and Bridge Extension Commands 18GVRP and Bridge Extension CommandsVlan id Switchport gvrp Show gvrp configurationConsoleconfig#interface ethernet SNP1 Console#show gvrp configuration Garp timer Show garp timer Show garp timer Console#show garp timer ethernet SNP1Bridge-ext gvrp Show bridge-ext Command Usage 19IGMP Snooping Commands Igmp Snooping Commands Ip igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Show ip igmp snooping Consoleconfig#ip igmp snooping version Show mac-address-table multicast Consoleconfig#ip igmp snooping querier Ip igmp snooping querierIp igmp snooping query-count Ip igmp snooping query-interval Consoleconfig#ip igmp snooping query-count Ip igmp snooping query-max-response-time Consoleconfig#ip igmp snooping query-interval Ip igmp snooping router-port-expire-time Consoleconfig#ip igmp snooping query-max-response-time Ip igmp snooping vlan mrouter Consoleconfig#ip igmp snooping router-port-expire-time Show ip igmp snooping mrouter Priority Commands 20Priority CommandsConsole#show ip igmp snooping mrouter Switchport priority default Queue bandwidth Queue bandwidth weight1...weight4 Queue cos-map Consoleconfig#queue bandwidth 1 3 5 21IEEE 802.1p Default Priority Recommendations Show queue bandwidth Show queue cos-map Console#show queue cos-map ethernet SNP11 Map ip precedence Global Configuration Map ip precedence ip-precedence-value cos cos-value Map ip precedence Interface Configuration Map ip dscp Global Configuration 22Default Dscp to COS Mapping Map ip dscp Interface Configuration Show map ip precedence Show map ip dscp Map ip dscp ethernet SNP1 Mirror Port Commands 23Mirror Port CommandsPort monitor Show port monitor Link Aggregation Commands 24Link Aggregation Commands Channel-groupGuidelines for Creating Aggregated Links Lacp Lacp No lacp Consoleconfig#interface ethernet NETP0 Management Information Base Table A-1Supported MIBs Supported MIBs Supported Traps Table A-2Sun Private Enterprise MIBTable A-4Sun Private Enterprise Traps Page Troubleshooting Diagnosing Switch Indicators Accessing the Management InterfaceDiagnosing Port Connections Appendix B Troubleshooting B-3 Using System Logs Log MessagesTable B-1Log Messages Error Messages Command-Line Error DetectionConsole#show interfaces statuss e 1/1 Table B-3Command Line Error Messages System ErrorsCommand Line Errors Table B-2System Error Messages Appendix B Troubleshooting B-7 Line mode vty can not use console parameter Table B-4Web Interface Error Messages Web Interface Errors Illegal Snmp trap IP address Appendix B Troubleshooting B-11 Table B-4Web Interface Error Messages Appendix B Troubleshooting B-13 Table B-4Web Interface Error Messages Specifications Table C-1Switch Architecture Switch Architecture Table C-2Management Features Management Features Power EnvironmentalStandards Appendix C Specifications C-5 Page Bandwidth Glossary Garp Vlan Defines frame extensions for Vlan tagging Access method and physical layer specificationsConvergence for topology changes 1000BASE-T Fast Ethernet Link Aggregation Control Protocol Efficiency of the network Management servicesAccess to this switch Blocks and error-correctedPage Index Page Index-3